From 6f11d3947ee98029a341e88eab35ec4600d375ac Mon Sep 17 00:00:00 2001 From: Antonio Borneo Date: Wed, 4 Dec 2013 13:40:55 +0000 Subject: [PATCH] test-crypto: move crypted data out of code The test program embeds encrypted binary data, but the encryption key is not made available from the original developer. Move the binary data out of the code, so later we can replace it with data encrypted under our control. Signed-off-by: Antonio Borneo git-svn-id: https://svn.unix-ag.uni-kl.de/vpnc/trunk@538 315857ad-0bdb-0310-b42e-dec37551a5f0 --- Makefile | 4 +- test-crypto.c | 296 ++++++++++++++++++++++++++++++------------------------ test/dec_data.bin | Bin 0 -> 256 bytes test/sig_data.bin | Bin 0 -> 256 bytes 4 files changed, 165 insertions(+), 135 deletions(-) rewrite test-crypto.c (62%) create mode 100644 test/dec_data.bin create mode 100644 test/sig_data.bin diff --git a/Makefile b/Makefile index 29d20c2..1fded3d 100644 --- a/Makefile +++ b/Makefile @@ -114,8 +114,8 @@ vpnc-%.tar.gz : rm -rf vpnc-$* test : all - ./test-crypto test/cert.pem test/cert1.pem test/cert2.pem test/root.pem - #./test-crypto test/cert.pem test/cert0.crt test/cert1.crt test/cert2.crt test/root.crt + ./test-crypto test/sig_data.bin test/dec_data.bin \ + test/cert.pem test/cert1.pem test/cert2.pem test/root.pem dist : VERSION vpnc.8 vpnc-$(RELEASE_VERSION).tar.gz diff --git a/test-crypto.c b/test-crypto.c dissimilarity index 62% index bba0599..4d0a9d3 100644 --- a/test-crypto.c +++ b/test-crypto.c @@ -1,133 +1,163 @@ -/* IPSec VPN client compatible with Cisco equipment. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "crypto.h" - -int main(int argc, char *argv[]) -{ - crypto_ctx *cctx; - crypto_error *error = NULL; - int i; - unsigned char *data; - size_t size = 0; - const unsigned char sig_data[] = { - 0x30, 0x82, 0x04, 0xb5, 0x30, 0x82, 0x03, 0x9d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30, - 0x81, 0x9f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b, 0x73, 0x68, - - 0x69, 0x72, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4e, 0x65, - 0x77, 0x62, 0x75, 0x72, 0x79, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, - 0x4d, 0x79, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11, - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x08, 0x54, 0x68, 0x65, 0x20, 0x55, 0x6e, 0x69, - - 0x74, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x74, 0x65, 0x73, 0x74, - 0x2e, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x21, - 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x74, - 0x65, 0x73, 0x74, 0x40, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72, - - 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x34, 0x32, 0x38, 0x30, 0x32, 0x35, 0x30, 0x35, - 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x34, 0x32, 0x36, 0x30, 0x32, 0x35, 0x30, 0x35, 0x32, - 0x5a, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b, - }; - const unsigned char dec_data[] = { - 0x7c, 0x2a, 0xe4, 0x60, 0x10, 0x9f, 0xab, 0xd6, 0x76, 0x7b, 0x9d, 0x16, 0xbb, 0xd3, 0x16, 0xa3, - 0x61, 0x50, 0x56, 0x13, 0xe4, 0x61, 0x0e, 0x90, 0x71, 0x5c, 0x47, 0xae, 0x4a, 0xc2, 0x89, 0xf8, - 0x47, 0x61, 0x4c, 0x3f, 0xd6, 0x11, 0x97, 0xb7, 0x0d, 0x84, 0x86, 0xdd, 0xe9, 0x6d, 0x3e, 0x89, - 0xe0, 0x4f, 0x7a, 0x95, 0x3f, 0x6e, 0xe4, 0xcd, 0xb2, 0x80, 0x3e, 0x19, 0x3e, 0x97, 0x7c, 0xdf, - 0xd5, 0xff, 0xcb, 0x90, 0xfb, 0x71, 0x9c, 0xef, 0xa1, 0xf6, 0x8c, 0x36, 0xb3, 0x1f, 0x63, 0x7f, - 0x32, 0xf5, 0x00, 0x12, 0x5e, 0x13, 0x84, 0x88, 0xe3, 0x13, 0x1c, 0x11, 0x2d, 0x9a, 0xd7, 0xec, - 0x51, 0x94, 0x20, 0x6e, 0x8f, 0x69, 0xdf, 0x07, 0xe9, 0x46, 0x3b, 0xd9, 0x1c, 0x0a, 0xc0, 0x60, - 0x90, 0x3a, 0x9a, 0x18, 0xa8, 0x19, 0xc6, 0x78, 0xc9, 0xf3, 0x1a, 0xbb, 0xca, 0xa8, 0xb5, 0x05, - 0x6b, 0xa8, 0xfb, 0xeb, 0xdd, 0x19, 0x56, 0xc4, 0xfe, 0x7c, 0x84, 0xb1, 0xfd, 0x92, 0xbd, 0xe2, - 0xb2, 0x94, 0x57, 0x3d, 0x03, 0x0a, 0xf1, 0xee, 0xca, 0xec, 0x8a, 0x0f, 0xb6, 0x23, 0x0b, 0x44, - 0x14, 0x0d, 0xe0, 0xb1, 0x68, 0x38, 0x56, 0x7c, 0x66, 0x60, 0x8f, 0x54, 0x8b, 0x5c, 0x80, 0x37, - 0x94, 0x27, 0x89, 0x47, 0x2c, 0x24, 0x45, 0x6b, 0x76, 0xdd, 0xfb, 0xf1, 0x31, 0xef, 0x7f, 0xa4, - 0xba, 0x95, 0x4b, 0x91, 0x9c, 0x86, 0xa6, 0x48, 0xa2, 0x5a, 0x41, 0x64, 0x31, 0x14, 0x80, 0x6b, - 0xb3, 0x0d, 0x46, 0x14, 0xb2, 0x61, 0x49, 0x81, 0xf5, 0x14, 0x2e, 0x1c, 0x3b, 0x7b, 0xc2, 0x23, - 0x9d, 0x31, 0x66, 0x49, 0x56, 0x50, 0x69, 0x69, 0x5a, 0x5c, 0x82, 0x68, 0x96, 0x04, 0xc1, 0x76, - 0x18, 0x19, 0x13, 0x95, 0xad, 0xbd, 0x5f, 0x96, 0x6d, 0xfe, 0xde, 0x65, 0x6a, 0x78, 0x47, 0x63, - }; - - if (argc < 4) { - fprintf(stderr, "Need at least 3 arguments: \n"); - return 1; - } - - cctx = crypto_ctx_new(&error); - if (!cctx) { - fprintf(stderr, "Error initializing crypto: %s\n", error->msg); - return error->code; - } - - /* Load certificates */ - for (i = 2; i < argc; i++) { - data = crypto_read_cert(argv[i], &size, &error); - if (!data) { - fprintf(stderr, "Error reading cert %d: %s\n", i + 1, error->msg); - return error->code; - } - if (crypto_push_cert(cctx, data, size, &error)) { - free(data); - fprintf(stderr, "Error pushing cert %d: %s\n", i + 1, error->msg); - return error->code; - } - free(data); - } - - /* Verify the cert chain */ - if (crypto_verify_chain(cctx, argv[1], NULL, &error) != 0) { - fprintf(stderr, "Error verifying chain: %s\n", error && error->msg ? error->msg : "(none)"); - return error->code; - } - - /* Decrypt something using the public key of the server certificate */ - size = 0; - data = crypto_decrypt_signature(cctx, &sig_data[0], sizeof(sig_data), &size, CRYPTO_PAD_NONE, &error); - if (!data || !size) { - fprintf(stderr, "Error decrypting signature: %s\n", error && error->msg ? error->msg : "(none)"); - return error->code; - } - - if (size != sizeof(dec_data)) { - fprintf(stderr, "Error decrypting signature: unexpected " - "decrypted size %zd (expected %zu)\n", size, sizeof(dec_data)); - return 1; - } - - if (memcmp(data, dec_data, sizeof(dec_data))) { - fprintf(stderr, "Error decrypting signature: decrypted data did" - " not match expected decrypted data\n"); - return 1; - } - free(data); - - fprintf(stdout, "Success\n"); - - crypto_ctx_free(cctx); - return 0; -} - +/* IPSec VPN client compatible with Cisco equipment. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "crypto.h" + +static unsigned char *read_binfile(const char *filename, size_t *len) +{ + int fd, ret; + struct stat s; + unsigned char *b; + + if (filename == NULL || len ==NULL) + return NULL; + + fd = open(filename, O_RDONLY); + if (fd < 0) { + fprintf(stderr, "Error opening file %s\n", filename); + return NULL; + } + + ret = fstat(fd, &s); + if (ret < 0) { + fprintf(stderr, "Error while stat() file %s\n", filename); + close(fd); + return NULL; + } + if (s.st_size == 0) { + fprintf(stderr, "Empty file %s\n", filename); + close(fd); + return NULL; + } + + b = malloc(s.st_size); + if (b == NULL) { + fprintf(stderr, "Error allocating memory\n"); + close(fd); + return NULL; + } + + ret = read(fd, b, s.st_size); + if (ret != s.st_size) { + fprintf(stderr, "Error reading file %s\n", filename); + free(b); + close(fd); + return NULL; + } + + close(fd); + *len = s.st_size; + return b; +} + +int main(int argc, char *argv[]) +{ + crypto_ctx *cctx; + crypto_error *error = NULL; + int i; + unsigned char *data; + size_t size = 0, sig_len, dec_len; + unsigned char *sig_data, *dec_data; + + if (argc < 6) { + fprintf(stderr, "Need at least 5 arguments: \n"); + return 1; + } + + cctx = crypto_ctx_new(&error); + if (!cctx) { + fprintf(stderr, "Error initializing crypto: %s\n", error->msg); + return error->code; + } + + /* Load certificates */ + for (i = 4; i < argc; i++) { + data = crypto_read_cert(argv[i], &size, &error); + if (!data) { + fprintf(stderr, "Error reading cert %d: %s\n", i + 1, error->msg); + return error->code; + } + if (crypto_push_cert(cctx, data, size, &error)) { + free(data); + fprintf(stderr, "Error pushing cert %d: %s\n", i + 1, error->msg); + return error->code; + } + free(data); + } + + /* Verify the cert chain */ + if (crypto_verify_chain(cctx, argv[3], NULL, &error) != 0) { + fprintf(stderr, "Error verifying chain: %s\n", error && error->msg ? error->msg : "(none)"); + return error->code; + } + + /* Decrypt something using the public key of the server certificate */ + sig_data = read_binfile(argv[1], &sig_len); + if (sig_data == NULL) + return 1; + + dec_data = read_binfile(argv[2], &dec_len); + if (dec_data == NULL) { + free(sig_data); + return 1; + } + + size = 0; + data = crypto_decrypt_signature(cctx, &sig_data[0], sig_len, &size, CRYPTO_PAD_NONE, &error); + if (!data || !size) { + fprintf(stderr, "Error decrypting signature: %s\n", error && error->msg ? error->msg : "(none)"); + free(dec_data); + free(sig_data); + return error->code; + } + + if (size != dec_len) { + fprintf(stderr, "Error decrypting signature: unexpected " + "decrypted size %zd (expected %zu)\n", size, dec_len); + free(dec_data); + free(sig_data); + free(data); + return 1; + } + + if (memcmp(data, dec_data, dec_len)) { + fprintf(stderr, "Error decrypting signature: decrypted data did" + " not match expected decrypted data\n"); + free(dec_data); + free(sig_data); + free(data); + return 1; + } + free(dec_data); + free(sig_data); + free(data); + + fprintf(stdout, "Success\n"); + + crypto_ctx_free(cctx); + return 0; +} + diff --git a/test/dec_data.bin b/test/dec_data.bin new file mode 100644 index 0000000000000000000000000000000000000000..95421e574cafedb1c776bd723d8a56e576edb87a GIT binary patch literal 256 zcwPYj0ssDdD&$}gpR3k(dz}`$(-xy)P*xM)asQc^P8CJype1x(6lD*=xlvh0i z3i0mB?1~SzBMU?n4dAh8I97aSV2@ObT!1%}Cy7TaBt>g>-TUz|?|-Dal}nMFhNeiO zT0vwn6o6~94Mr5QVM&4Y6fPV)d%`1~F=k0tP-$seT!Ltp1i^L~855PQyL+t9mQ| literal 0 HcwPel00001 diff --git a/test/sig_data.bin b/test/sig_data.bin new file mode 100644 index 0000000000000000000000000000000000000000..570253441dc3d0904253876b845280e852b07bc0 GIT binary patch literal 256 zcwRGTV%ciY#5{KaGZP~d5E<~YacZ@Bw0-AgWMpAwFld}_$Zf#M#vIDRCd?EXY$#+P z0OD{6b2_CKWfx~;7Nr^r81R9_*oE2sQp=M{iz*Gp4MagAT*7?5l?u-Jxdn-Nl?py3 zDTaau{2&Q#VUCcDRE5yI%o0Os14)n&v#?M}YH^8Paei)Uc}8kcs$PCkx}l